CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.5CVSS6.1AI score0.00306EPSS

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...

CNNVD•added 2026/05/29 12:0 a.m.•8 views

JetBrains IntelliJ IDEA 代码问题漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2026.1 contained code vulnerabilities due to XML external entity injections in the UI Designer form parser...

3.3CVSS5.9AI score0.00001EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•13 views

PT-2026-44806

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description A relative path traversal issue exists in the Administration WebUI. This allows remote unauthenticated attackers to delete arbitrary files on the host machines. Relative...

9.1CVSS6AI score0.01102EPSS

Exploits0References4

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Waterfall WF-500 操作系统命令注入漏洞

8.6CVSS6.1AI score0.00306EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44770

Name of the Vulnerable Software and Affected Versions Acer Wave 7 router affected versions not specified Description The acer cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for both web and Telnet...

10CVSS5.8AI score0.00059EPSS

Exploits0References7

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-44972

Name of the Vulnerable Software and Affected Versions TP-Link TL-SG108PE v5 affected versions not specified Description A stored cross-site scripting XSS issue exists in the web management interface. This occurs because the SYSNAM configuration parameter is not properly sanitized during the...

5.3CVSS5.7AI score0.00041EPSS

Exploits0References6

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...

CNNVD•added 2026/05/29 12:0 a.m.•6 views

ASUS System Control Interface 安全漏洞

ASUS System Control Interface is a computer system control interface developed by ASUS, a Chinese company. There is a security vulnerability in the ASUS System Control Interface, which stems from improper allocation of permissions for critical resources. This vulnerability could allow local users...

7.3CVSS6.1AI score0.00014EPSS

CNNVD•added 2026/05/29 12:0 a.m.•6 views

Network Optix Nx Witness VMS 安全漏洞

Network Optix Nx Witness VMS is a video management system developed by the American company Network Optix. Versions of Network Optix Nx Witness VMS prior to version 6.1.2 contained security vulnerabilities. These vulnerabilities were caused by incorrect CORS configurations in the REST API, which...

7.5CVSS5.9AI score0.00083EPSS

Tenable Nessus•added 2026/05/29 12:0 a.m.•6 views

AlmaLinux 8 : kernel-rt (ALSA-2026:21745)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21745 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

9.4CVSS6AI score0.00117EPSS

Exploits0References20

Packet Storm•added 2026/05/29 12:0 a.m.•35 views

📄 WordPress Quick Playground 1.3.1 Shell Upload

Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...

9.8CVSS5.8AI score0.01148EPSS

Exploits2

CNNVD•added 2026/05/29 12:0 a.m.•4 views

Waterfall WF-500 安全漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. A security vulnerability exists in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040. This vulnerability stems from an...

9.8CVSS5.9AI score0.00222EPSS

CNNVD•added 2026/05/29 12:0 a.m.•6 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44925

Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description The administrator account for the web interface allows direct editing of sensitive authentication files, which could enable an unauthorized change of the root...

6.9CVSS5.5AI score0.00036EPSS

Exploits0References6

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 TX and RX Hosts 7.9.1.0 R2502171040 version contains an operating system command injection vulnerability. This...